Zero-trust Attitude is Gaining Ground

With every new instance of cybersecurity breach comes the discussion around zero-trust and its impact on how the world perceives their data and its usage. Though enterprises appear to have moved this topic from cybersecurity expert huddles in the company to the respective boardrooms, the same cannot be said about individual choices. 

A recent survey by identity and access management vendor Okta suggests that a good chunk of its customers are increasingly claiming an “all-in” status when it comes to adopting a strategic zero-trust option when it comes to their users, devices and network protection. This may be good news at first sight, but the numbers indicate a slow but steady progress. 

The writing on the wall is getting clearer

Businesses and individuals are slowly coming round to accepting the view that cyberattacks do not just land companies in trouble, they’ve economic consequences that could prove disastrous at some point. With more applications on the cloud and smartphones capable of feeding off them for data, security challenges are only headed one way. 

In its latest ‘Business at Work’ report, Okta has collected data from over 17,000 global customers which indicates that 22% of them have deployed one or more zero-trust configurations. While one could question the pace of this growth, the fact remains that this number stood at just 10% a year ago. 

Risk-based policies are making more sense

The survey said use of risk-based policies for networks had gone up by a whopping 147% over the past twenty-four months. The use of password-less web authentication grew by 60% while there was a 21% increase in the number of device-trust configurations during the same time frame. A quarter of the respondents also used security keys and biometrics last year. 

It was no surprise that technology companies were at the frontline of this increased adoption as 34% of them deployed at least one zero-trust configuration during the time frame under review. The next in line were the banking and financial services companies with 26% followed by healthcare and pharmaceuticals with 23%. 

Customer data is critical but there’s more to it

Quite clearly, the adoption rates were higher in industries that stored personal information of its customers for a variety of reasons. Though the research agency expects zero-trust adoption to grow at the same pace as companies move towards a cloud migration, the concern is that many of the businesses not having a direct customer outside were actually slow at adoption. 

Okta said companies were adopting zero-trust at the point of access and for identity protection. In its report, the agency said  “There is now a growing global consensus that pairing zero trust with an identity and access management solution can result in a powerful central control point for governing access among users, devices, data, and networks.” 

The research team also pointed out that context-based access policies were considered to be critical for getting zero-trust configurations implemented based on customer data. “When we look at improving access configurations, an increasing volume of adaptive MFA [multi-factor authentication] events, and the rise of biometrics and WebAuthn, we see zero trust in practice,” the company said.